(RHSA-2022:5555) Moderate: RHV Manager (ovirt-engine) [ovirt-4.5.1] security, bug fix and update
Discription

The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.

Security Fix(es):

* nodejs-trim-newlines: ReDoS in .end() method (CVE-2021-33623)

* apache-commons-compress: infinite loop when reading a specially crafted 7Z archive (CVE-2021-35515)

* apache-commons-compress: excessive memory allocation when reading a specially crafted 7Z archive (CVE-2021-35516)

* apache-commons-compress: excessive memory allocation when reading a specially crafted TAR archive (CVE-2021-35517)

* apache-commons-compress: excessive memory allocation when reading a specially crafted ZIP archive (CVE-2021-36090)

* nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807)

* spring-expression: Denial of service via specially crafted SpEL expression (CVE-2022-22950)

* semantic-release: Masked secrets can be disclosed if they contain characters that are excluded from uri encoding (CVE-2022-31051)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

A list of bugs fixed in this update is available in the Technical Notes book:
https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notesRead More

Back to Main

Subscribe for the latest news: